Security Exploits to Google Chrome Browser Emerge

9/5/2008

Google's Chrome Web browser--complete with quirky marketing comic book--made a splash when announced Tuesday, but what a difference a day makes. On Wednesday, proof-of-concept bugs affecting the Internet app were disclosed. Chrome is still early in its first public beta.

First, Rishi Narang, who is part of the EvilFingers security portal, identified a denial-of-service vulnerability that has crashed the Chrome browser when tabs are open during an Internet session.

A second proof-of-concept vulnerability also emerged Wednesday that allows a malformed URL to crash or "carpet bomb" the Chrome browser. This exploit was discovered when independent researcher Aviv Raff figured out that he could combine two vulnerabilities--a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference. His exploit tricks users into launching executables directly from the new browser.

Google's Chrome browser is partly based on open source software components used in Mozilla's Firefox and Apple's WebKit. The malformed URL vulnerability is based on the WebKit problem that similarly affected Apple's Safari browser. Apple has since patched Safari, but Google is using a version of WebKit that is vulnerable to this kind of attack, experts say.

Debates across the IT security community have noted that Microsoft Internet Explorer 8, currently at Beta 2, comes with a bevy of security and privacy functions. Meanwhile, Google, observers say, is far more likely to press for a release that does not meet the more stringent security requirements that IT pros in the enterprise space are used to seeing.

"As was the case a decade ago at Microsoft, inside of Google, marketing still appears to carry a much bigger stick than the security folks do," said Randy Abrams, director of technical education at San Diego-based security software company ESET. "This makes it impossible to place the proper emphasis on security. As a result, Google will be responding to flaws much more often than proactively preventing vulnerabilities."


